Ok, well you likely could also correct it by converting A2 to routing only and leaving the VPN on A1 which might be easier for you with all the other clients.

@tjabas said in No-ip auto confirm?:

i have installed this plugin

What did you chose ? Are you using a docker (whatever that light be) ? A debian setup ?
Installed where ?

@jimp Thank you for the info. After upgrading 3 units to the RC, everything works as it should

@johnpoz said in Need help - can't reach website by FQDN or the IP Address:

Maybe that fqdn should only be used in the US?

Yup, that seems possible.

@stephenw10 Thank you, I can live with what it is. elmo

@pete35 Update on this.

I secured this contract. We're using a pair of Juniper SRX 380s as we got 10Gbps dual DIA circuits

I am posting lessons learned for posterity's sake and a cautionary tale for others who search for something similar to this.

pfSense cannot perform advanced routing in a stable way. FRR needing to be reloaded for changes is a problem that i do not blame pfSense on. Thats just the way the package currently functions but still should be taken into account. I got over 15 sites in a hub and spoke set up. If i update frr im breaking connectivity for all sites. When won't I have to make a route map change? Add a new BGP neighbor? There is no maintenance window in the world that a company would approve a global outage. There are workarounds for this I suppose but not worth exploring.

As I outlined in my redmine, there is an issue with IPsec that impacts FRR in a negative way. The problem isnt with FRR.
If there is a need to do routing over IPsec (obviously utilizing VTIs) then pick another firewall. Imagine you have a datacenter terminating over 50 IPsec tunnels. All you do is update the IPsec configuration or even onboard another site and click apply. You just broke routing within the enterprise. Thats absolutely insane and scary. This is something that can be replicated by TAC per the redmine. I cant recommend in good conscience deploying pfSense in that situation.
I got extremely lucky in that my client paid thousands of dollars on the 6100s to make the sacrifice of getting the Juniper head-end SRXs to manage all of this.
I really do advise anyone reading this to reconsider something else if your solution requires dynamic routing with IPsec. Beware,..

Lastly, there are lots of things that pfSense gets right. I will continue to deploy it in much less advanced scenarios but cannot use it going forward on topologies that require High availability with routing. The software just cant do it. This was indeed an eye-opener for me but we all learn the hard way.

@stephenw10

But for a shorter time?
Yes,so if I did not use netdata to monitor the system very minus,I can not find it in the "top" command.

Did he updater script get re-written? It would if you make any changes to the graph settings.
I did not "save view",just update graph.

How do you have the syslog exporting setup? I've never seen it do anything except send close to instantly though. I can't imagine anything buffering 1h of logs locally.

Check the timezone is set correctly. The clocks are sync'd on both systems.

Steve

@py Writing out the problem gave me a hint. Cleared the BIOS and was able to get the console back up. Looks like it had somehow enabled "Above 4G decoding." Disabling that worked.

You probably want to export and log netflow data if you want that sort of detail:
https://docs.netgate.com/pfsense/en/latest/recipes/netflow-with-softflowd.html

Or you could enable logging on the pass firewall rules and export those logs to a syslog server:
https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html

Steve

@stephenw10
That was on "Home" 23.5

I just tried again, and i can't seem to replicate the failure.
It asks for "View name" immediately now.

I did notice that i had two open Web sessions to the Monitor page, when i had the issue , and might have done changes via both.
Could that have caused troubles ?

Well it works now, but "I swear it was weird" when i wrote about it.

Btw: After the "Reset Data" (RRD) my temps are showing again on the "Home" 23.5
13a01440-5aff-4e95-bc47-5dcc6b94cab2-image.png

As always, thanx for your time,support & wisdom 👍

/Bingo

Suppress the alerts or disable the rules on the Snort instance running on OPT2:
https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html#select-which-types-of-rules-will-protect-the-network
https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html#alert-thresholding-and-suppression

Steve

@stephenw10 Got 2% less... (77 to 75%)
Dont really know what to do more then the things you suggested.

There must be something that stores those 10GB's..

@stephenw10 Thanks Steve, I believe that this is the first place I will go.

-John

@stephenw10
Thank you for your beautiful answer
My exact problem is that this happened after adding a router between the firewall and the main switch, and in my opinion, this could be the problem.
thanks steve

@rcfa said in Notifications...:

each time the WAN interface's DHCP assigned IP address changes

I'm using a " Services > Dynamic DNS > RFC 2136 Clients" myself, and I receive a mail when it updates.

each time a DynDNS update fails

Fails ?
If it fails because WAN is down .... wonder how you want to receive the mail then.
Because the some other issue DynDNS server side ?
That needs some modifications here /etc/servcies.invc : function services_dnsupdate_process()
Add your own mail notification lines.

each time a package has an update/new version

Have that :

mer. 24 mai 07:01 Notifications in this message: 1 ================================ 7:01:19 An update to pfSense version 23.05 is available The following updates are available and can be installed using System > Package Manager: acme: 0.7.3_1 ==> 0.7.3_2 Netgate_Firmware_Upgrade: 0.56 ==> 23.05.00 pfBlockerNG-devel: 3.2.0_4 ==> 3.2.0_5 Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them: 7-zip: 21.07_2 -> 22.01 [pfSense] bash: 5.2.2_1 -> 5.2.15 [pfSense] bind-tools: 9.18.8 -> 9.18.13 [pfSense] ca_root_nss: 3.83 -> 3.89 [pfSense] ccid: 1.5.0 -> 1.5.1 [pfSense] check_reload_status: 0.0.14 -> 0.0.15 [pfSense] .....

There is a script on the forum that does this.

each time a new package becomes available

You mean : when something gets added or changed here : System > Package Manager > Available Packages ?
AFAIK : that doesn't exist yet.
But is very possible to create.

each time a VPN link goes down

Google : "notification when VPN goes down", I'm sure you'll find a script that can be adapted for your needs.

Btw, with VPN you mean the OpenVPN client I guess. Not the OpenVPN server.
Normally, when you really needs the OpenVPN client, you'll know that it is down, as all traffic is routed over that connection : when it breaks, your LAN has no Internet anymore. That doesn't goes unnoticed for very long time ;)

@stephenw10 I have it working now, made a simple mistake, testing too many VLAN ID, I used the wrong one. It is all working as expect now.

Thanks for the assist! :)

@johnpoz

The default was to use the same serial number which is what, I think, I left selected

Will test that again just because, why not

Puzzling

Release Candidates of pfSense CE 2.7.0 and pfSense Plus 23.05.1 Software Now Available

The Release Candidate (RC) builds of pfSense® CE software version 2.7.0, and pfSense® Plus software version 23.05.1, are now available. As we prepare for their final release (currently planned for June 29) we invite you to try out the release candidates and share your feedback with us.

Your speedtests are against different servers. One is much closer than the other. Or is detected as such at least.